Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 45e2f833882e
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: d548264df9e8
Choose a head ref
  • 1 commit
  • 5 files changed
  • 1 contributor

Commits on Oct 11, 2019

  1. chromium: 77.0.3865.90 -> 77.0.3865.120 

    CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696
CVE-2019-13697

Disable jumbo mode because upstream dropped support for it.
(See chromium-dev "We're removing support for the jumbo build")

This makes builds take about 3x as long, but we have no alternative.

(cherry picked from commit f45798e)
    @ivan @bendlas
    ivan authored and bendlas committed Oct 11, 2019
    Copy the full SHA
    d548264 View commit details
25 changes: 8 additions & 17 deletions pkgs/applications/networking/browsers/chromium/common.nix
View file
Original file line number Diff line number Diff line change
@@ -96,18 +96,9 @@ let
buildPath = "out/${buildType}";
libExecPath = "$out/libexec/${packageName}";

versionRange = min-version: upto-version:
let inherit (upstream-info) version;
result = versionAtLeast version min-version && versionOlder version upto-version;
stable-version = (import ./upstream-info.nix).stable.version;
in if versionAtLeast stable-version upto-version
then warn "chromium: stable version ${stable-version} is newer than a patchset bounded at ${upto-version}. You can safely delete it."
result
else result;

base = rec {
name = "${packageName}-unwrapped-${version}";
inherit (upstream-info) version;
inherit (upstream-info) channel version;
inherit packageName buildType buildPath;

src = upstream-info.main;
@@ -125,19 +116,22 @@ let
glib gtk3 dbus-glib
libXScrnSaver libXcursor libXtst libGLU_combined
pciutils protobuf speechd libXdamage at-spi2-core
jdk.jre
] ++ optional gnomeKeyringSupport libgnome-keyring3
++ optionals gnomeSupport [ gnome.GConf libgcrypt ]
++ optionals cupsSupport [ libgcrypt cups ]
++ optional useVaapi libva
++ optional pulseSupport libpulseaudio
++ optional (versionAtLeast version "72") jdk.jre;
++ optional pulseSupport libpulseaudio;

patches = [
./patches/nix_plugin_paths_68.patch
./patches/remove-webp-include-69.patch
./patches/jumbo-sorted.patch
./patches/no-build-timestamps.patch
] ++ optionals (channel == "stable" || channel == "beta") [
./patches/widevine.patch
] ++ optionals (channel == "dev") [
./patches/widevine-79.patch
] ++ optionals (channel == "stable") [
# Revert "Implement GetFallbackFont on Linux" to fix a performance regression
# Remove after https://bugs.chromium.org/p/chromium/issues/detail?id=1003997 is fixed
(fetchpatch {
@@ -153,7 +147,7 @@ let
# - https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
# - https://github.com/chromium/chromium/search?q=GCC&s=committer-date&type=Commits
#
# ++ optional (versionRange "68" "72") ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" )
# ++ optionals (channel == "dev") [ ( githubPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000" ) ]
] ++ optionals (useVaapi) [
# source: https://aur.archlinux.org/cgit/aur.git/plain/chromium-vaapi.patch?h=chromium-vaapi
./patches/chromium-vaapi.patch
@@ -234,9 +228,6 @@ let
use_gold = true;
gold_path = "${stdenv.cc}/bin";
is_debug = false;
# Use jumbo for a 2x (at least) compilation speedup, except where it is currently broken:
# https://gist.github.com/ivan/6fe7014c1b1cc35dec133fa6de0549d9
use_jumbo_build = (version != "78.0.3904.17");

proprietary_codecs = false;
use_sysroot = false;
2 changes: 1 addition & 1 deletion pkgs/applications/networking/browsers/chromium/default.nix
View file
Original file line number Diff line number Diff line change
@@ -62,7 +62,7 @@ in let
if upstream-info.channel == "stable" then
"./opt/google/chrome/libwidevinecdm.so"
else if upstream-info.channel == "beta" then
"./opt/google/chrome-beta/libwidevinecdm.so"
"./opt/google/chrome-beta/WidevineCdm/_platform_specific/linux_x64/libwidevinecdm.so"
else if upstream-info.channel == "dev" then
"./opt/google/chrome-unstable/WidevineCdm/_platform_specific/linux_x64/libwidevinecdm.so"
else
11 changes: 0 additions & 11 deletions pkgs/applications/networking/browsers/chromium/patches/jumbo-sorted.patch
View file

This file was deleted.

11 changes: 11 additions & 0 deletions pkgs/applications/networking/browsers/chromium/patches/widevine-79.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
diff --git a/third_party/widevine/cdm/widevine_cdm_version.h b/third_party/widevine/cdm/widevine_cdm_version.h
index dd6efed02646..4d8b2b7d85f7 100644
--- a/third_party/widevine/cdm/widevine_cdm_version.h
+++ b/third_party/widevine/cdm/widevine_cdm_version.h
@@ -11,5 +11,6 @@
// If the Widevine CDM is available define the following:
// - WIDEVINE_CDM_VERSION_STRING (with the version of the CDM that's available
// as a string, e.g., "1.0.123.456").
+#define WIDEVINE_CDM_VERSION_STRING "undefined"

#endif // WIDEVINE_CDM_VERSION_H_
18 changes: 9 additions & 9 deletions pkgs/applications/networking/browsers/chromium/upstream-info.nix
View file
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
# This file is autogenerated from update.sh in the same directory.
{
beta = {
sha256 = "1hzgzmrn0d6cqvqnqayl048zwlcx0f7azg2rhvm7p13lvyqzsk00";
sha256bin64 = "0p3275ii8800swlfmljbdrvyqjd5nlw0vgv2my4r8ccszgbhidbd";
version = "77.0.3865.90";
sha256 = "0al26nfcxa00gvgn02iasjm53wq089r3c6b3rqqanljffng565y7";
sha256bin64 = "0qfj08adqn19sxsgd98fy5l23cikvfkpzkz9mqq90mlabmhhrp0z";
version = "78.0.3904.50";
};
dev = {
sha256 = "0zka01ml3hbximswzkkqbqq8wpiz8f4fq4wx5fys002hi69l296l";
sha256bin64 = "0nrip45s0ylri34vlpf16xlwv3ybmy2jg7dz8l9rvgbdwwdzdb75";
version = "78.0.3904.17";
sha256 = "0ck52j5acdns7vqqvb665xpc68yl6qz0ca8lwjfhriw5hn8g1pjy";
sha256bin64 = "073gxyfayrb1dqsq8ngmnrs8ajwwrr2qbs311ns64davn1z3sscf";
version = "79.0.3928.4";
};
stable = {
sha256 = "1hzgzmrn0d6cqvqnqayl048zwlcx0f7azg2rhvm7p13lvyqzsk00";
sha256bin64 = "1npx867j39mdyivf8nlkcfwgq7j34hl7s948vf6h2kqni0y50hzl";
version = "77.0.3865.90";
sha256 = "1y3ay0ppwakbw2hqrmxbv4ykil8dahf62ypld17ddkqxkfqgk4np";
sha256bin64 = "0j1sk36nfmhx6nk8lmsdi93vcrmn58pidhb5hzkapx8mgk6xraq7";
version = "77.0.3865.120";
};
}